S-E Asian banks used by hackers for fraud: Report

Hackers used South-east Asian banks to receive funds from 83 per cent of all studied fraudulent transactions last year and this year, according to global payment network Swift.

The remaining 17 per cent was spread across Europe, North America and the Middle East, Swift said in a recent report.

Called beneficiary or "mule" accounts, these bank accounts are typically used by hackers to materialise funds extracted from financial systems.

South-east Asian financial institutions were also named as one of the major targets by cyber attackers over the last 15 months, with other regions targeted including Africa, Central Asia and Latin America.

In all cases, the targeted institutions were banks with smaller cross-border transactions per day.

Attacks also took place in the "reconnaissance phase", which meant hackers were not yet able to access a bank's payment systems even though they had managed to compromise a user's workstation.

Attackers could wait for weeks or even months before launching an attack, after learning the patterns and behaviours of users to plot the fraud.

 

Overall, the report saw a "dramatic" decrease in the individual value of each attempted fraudulent transaction to between US$250,000 (S$339,000) and US$2 million, from US$10 million previously, in order to avoid detection.

A version of this article appeared in the print edition of The Straits Times on April 13, 2019, with the headline 'S-E Asian banks used by hackers for fraud: Report'. Print Edition | Subscribe